<html>
<head>
<title> Configuring DNS Services </title>
<meta name="Keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="stylesheet.css"/>
<script src="locate.js"></script>
<link href="prettify.css" type="text/css" rel="stylesheet" />
<script type="text/javascript" src="prettify.js"></script>
</head>
<script src="highlight.js"></script>
<body bgcolor="#FFFFFF" text="#000000" link="#0000A0" alink="#008000" vlink="#FF0000" onLoad="FindCorrectTOCPage(); prettyPrint()">
<table cellpadding="0" cellspacing="0" border="0">
<tr valign="top">
<td>
<p class="pagenavigation"><a href="43465.htm" target="_self"><img src="38976.gif" alt="Previous page" height="16" width="16" vspace="0" hspace="1" align="top" border="0"> Previous page</a></p></td>
<td>
<p class="pagenavigation"><a href="16648.htm" target="_self"><img src="38977.gif" alt="Next page" height="16" width="16" vspace="0" hspace="1" align="top" border="0"> Next page</a></p></td>
<td>
<p class="pagenavigation"><a href="toc4151857.htm" target="TOC"><img src="38970.gif" alt="Locate page" height="16" width="16" vspace="0" hspace="1" align="top" border="0"> Locate page</a></p></td>
<td>
<p class="pagenavigation"><a href="toc4151857.htm" target="TOC"><a class="" title="" href="javascript:print();" target="_self"><img src="39072.gif" alt="Print this page" height="16" width="16" vspace="0" hspace="1" align="top" border="0"></a></a></p></td>
</tr>
</table>
<h2 class="heading2">Configuring DNS Services</h2>
<p class="bodytext">Your control panel works in cooperation with the BIND DNS server, which enables you to run DNS service on the same machine where you host Web sites.</p>
<p class="bodytext">Setup of DNS zones for newly added domains is automated: When you add a new domain name to control panel, a zone file is automatically generated for it in accordance with the server-wide DNS zone template and registered in the name server's database, and name server is instructed to act as a primary (master) DNS server for the zone.</p>
<p class="bodytext">You can:</p>
<ul class="listbullet"><li class="listbullet">Add resource records to and remove from the template</li><li class="listbullet">Override the automatic zone configuration with custom settings on a per-domain basis</li><li class="listbullet">Switch off the domain name service on this machine if your provider or another organization is running DNS service for your sites</li></ul><p class="bodytext"></p>
<p class="procedureheading">To view the default records in the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group. All resource record templates will be displayed. <p class="listcontinue">The &lt;ip&gt; and &lt;domain&gt; templates are automatically replaced in the generated zone with real IP addresses and domain names.</p>
</li></ol><p class="bodytext"></p>
<p class="procedureheading">To add a new resource record to the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click the <strong class="specialbold">Add New Record</strong> icon in the <strong class="specialbold">Tools</strong> group.</li><li class="procedurelistnumber">Select the resource record type and specify the record properties as desired. <p class="listcontinue">Note that you can use &lt;ip&gt; and &lt;domain&gt; templates that will be replaced in the generated zone with real IP addresses and domain names. You can use a wildcard symbol (*) to specify any part of the domain name, and you can specify the exact values you need.</p>
</li><li class="procedurelistnumber">Click <strong class="specialbold">OK</strong>.</li></ol><p class="bodytext"></p>
<p class="procedureheading">To remove a resource record from the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Select a check box corresponding to the record template you wish to remove, and click <img src="17726.gif" alt="" height="16" width="16" vspace="0" hspace="0" align="bottom" border="0"> <strong class="specialbold">Remove Selected</strong>.</li><li class="procedurelistnumber">Confirm removal and click <strong class="specialbold">OK</strong>.</li></ol><p class="bodytext"></p>
<p class="bodytext">Plesk updates automatically the zone name, hostname, administrator's e-mail address, and serial number, and writes the default values for the rest of Start of Authority record parameters to the zone files it maintains. If you are not satisfied with the default values, you can change them through the control panel.</p>
<p class="procedureheading">To change the Start of Authority (SOA) record settings in the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click <strong class="specialbold">SOA Preferences</strong>.</li><li class="procedurelistnumber">Specify the desired values:<ul class="listbullet2"><li class="listbullet2"><strong class="specialbold">TTL</strong>. This is the amount of time that other DNS servers should store the record in a cache. Plesk sets the default value of one day.</li><li class="listbullet2"><strong class="specialbold">Refresh</strong>. This is how often the secondary name servers check with the primary name server to see if any changes have been made to the domain's zone file. Plesk sets the default value of three hours.</li><li class="listbullet2"><strong class="specialbold">Retry</strong>. This is the time a secondary server waits before retrying a failed zone transfer. This time is typically less than the refresh interval. Plesk sets the default value of one hour.</li><li class="listbullet2"><strong class="specialbold">Expire</strong>. This is the time before a secondary server stops responding to queries, after a lapsed refresh interval where the zone was not refreshed or updated. Plesk sets the default value of one week.</li><li class="listbullet2"><strong class="specialbold">Minimum</strong>. This is the time a secondary server should cache a negative response. Plesk sets the default value of three hours.</li></ul></li><li class="procedurelistnumber">Click <strong class="specialbold">OK</strong>. The new SOA record parameters will be set for the newly created domains.</li></ol><p class="bodytext"></p>
<p class="bodytext">Usage of serial number format recommended by IETF and RIPE is mandatory for many domains registered in some high-level DNS zones, mostly European ones. If your domain is registered in one of these zones and your registrar refuses your SOA serial number, using serial number format recommended by IETF and RIPE should resolve this issue.</p>
<p class="bodytext">Plesk servers use UNIX-timestamp syntax for configuring DNS zones. UNIX timestamp is the number of seconds since January 1, 1970 (Unix Epoch). The 32-bit timestamp will overflow by July 8, 2038.</p>
<p class="bodytext">RIPE recommends using YYYYMMDDNN format, where YYYY is year (four digits), MM is month (two digits), DD is day of month (two digits) and NN is version per day (two digits). The YYYYMMDDNN format won't overflow until the year 4294.</p>
<p class="procedureheading">To change the Start of Authority (SOA) serial number format to YYYYMMDDNN for the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click <strong class="specialbold">SOA Preferences</strong>.</li><li class="procedurelistnumber">Select the <strong class="specialbold">Use serial number format recommended by IETF and RIPE</strong> check box.<p class="listnote"><strong class="buttons">Note:</strong> See the sample of SOA serial number generated with the selected format. If the resulting number is less, than the current zone number, the modification may cause temporary malfunction of DNS for this domain. Zone updates may be invisible to Internet users for some time.</p>
</li><li class="procedurelistnumber">Click <strong class="specialbold">OK</strong>. </li></ol><p class="bodytext"></p>
<p class="procedureheading">To restore the default Start of Authority (SOA) serial number format (UNIX timestamp) for the server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click <strong class="specialbold">SOA Preferences</strong>.</li><li class="procedurelistnumber">Clear the <strong class="specialbold">Use serial number format recommended by IETF and RIPE</strong> check box.<p class="listnote"><strong class="buttons">Note:</strong> See the sample of SOA serial number generated with the selected format. If the resulting number is less, than the current zone number, the modification may cause temporary malfunction of DNS for this domain. Zone updates may be invisible to Internet users for some time.</p>
</li><li class="procedurelistnumber">Click <strong class="specialbold">OK</strong>. </li></ol><p class="bodytext"></p>
<p class="bodytext">By default, transfer of DNS zones is allowed only for name servers designated by NS records contained within each zone. If your domain name registrar requires that you allow transfer for all zones you serve:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click the <strong class="specialbold">Common ACL</strong> icon in the <strong class="specialbold">Tools</strong> group. A screen will show all hosts to which DNS zone transfers for all zones are allowed.</li><li class="procedurelistnumber">Click the <strong class="specialbold">Add New Address</strong> icon.</li><li class="procedurelistnumber">Specify the registrar's IP or network address and click <strong class="specialbold">OK</strong>.</li></ol><p class="bodytext"></p>
<p class="procedureheading">If you are using third-party DNS servers, and are not running your own DNS server, you should switch off your control panel's DNS server:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click the <strong class="specialbold">Switch off</strong> icon in the <strong class="specialbold">Tools</strong> group.</li></ol><p class="bodytext"></p>
<p class="procedureheading">To restore the original configuration of server-wide DNS template:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click the <strong class="specialbold">Default</strong> icon in the <strong class="specialbold">Tools</strong> group.</li></ol><p class="bodytext"></p>
<p class="bodytext">You can specify whether your DNS server should provide recursive service for queries.</p>
<p class="bodytext">With recursive service allowed, your DNS server, when queried, performs all the lookup procedures required to find the destination IP address for the requestor. When recursive service is not allowed, your DNS server performs minimal number of queries only to find a server that knows where the requested resource resides and to redirect the requestor to that server. Therefore, recursive service consumes more server resources and makes your server susceptible to denial-of-service attacks, especially when the server is set to serve recursive queries from clients outside your network.</p>
<p class="bodytext">After your install Plesk, the built-in DNS server defaults to serving recursive queries only from your own server and from other servers located in your network. This is the optimal setting. If your upgraded from earlier versions of Plesk, your DNS server defaults to serving recursive queries from any host.</p>
<p class="procedureheading">If you want to change the settings for recursive domain name service:</p>
<ol class="procedurelistnumber"><li class="procedurelistnumber">Click the <strong class="specialbold">Server</strong> shortcut in the navigation pane.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS</strong> icon in the <strong class="specialbold">Services</strong> group.</li><li class="procedurelistnumber">Click the <strong class="specialbold">DNS Preferences</strong> icon in the <strong class="specialbold">Tools</strong> group.</li><li class="procedurelistnumber">Select the option you need:<ul class="listbullet2"><li class="listbullet2">To allow recursive queries from all hosts, select <strong class="specialbold">Any host</strong>.</li><li class="listbullet2">To allow recursive queries from your own server and hosts from your network, select <strong class="specialbold">Localnets</strong>.</li><li class="listbullet2">To allow recursive queries only from your own server, select <strong class="specialbold">Localhost</strong>.</li></ul></li><li class="procedurelistnumber">Click <strong class="specialbold">OK</strong>.</li></ol><table cellpadding="0" cellspacing="0" border="0">
<tr valign="top">
<td>
<p class="relatedheading">In this section:</p><p class="relateditem"><a href="16648.htm" target="_self">Configuring Plesk to Run Behind a Firewall</a></p></td>
</tr>
</table>



</body>
<script>highlightTOC()</script>
</html>

